Tech Ed North America 2010 9/14/2018 6:05 AM SESSION CODE: WPH301 Windows Phone 7: Deploy Microsoft Forefront Unified Access Gateway (UAG) for Access Control to SharePoint, Exchange and More Ben Bernstein Sr. Program Manager UAG Product Group Microsoft Corporation Uri Lichtenfeld Director of Enterprise Services and Security Specialist – NY Certified Security Solutions © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Tech Ed North America 2010 9/14/2018 6:05 AM Agenda Solution Architecture for enterprise mobile access with Windows Phone Deploying UAG 2010 with Windows Phone 7 © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Data Center / Corporate Network The Problem Data Center / Corporate Network Windows Phone Internet AD, ADFS, RADIUS, LDAP…. NPS, ILM

Data Center / Corporate Network UAG Solution Data Center / Corporate Network Windows Phone Exchange CRM SharePoint IIS based IBM, SAP, Oracle HTTPS / HTTP HTTPS (443) Internet AD, ADFS, RADIUS, LDAP…. NPS, ILM

Benefits of HTTPS Publishing Efficient Bandwidth – Very minimal overhead for most of the applications Battery efficient – No need to maintain a connection over time Seamless & Always-on No need to open explicitly, applications get data when requested Always Working Supported on all cellular data networks (Unlike IPSec) More Control Admin has a tight control over what is exposed and what is not No need for full network access

UAG Solution Architecture Data Center / Corporate Network Windows Phone Exchange CRM SharePoint IIS based IBM, SAP, Oracle Home / Friend / Kiosk HTTPS / HTTP Layer3 VPN Terminal / Remote Desktop Services Internet HTTPS (443) DirectAccess Non web AD, ADFS, RADIUS, LDAP…. Business Partners / Sub-Contractors NPS, ILM Employees Managed Machines

Tech Ed North America 2010 9/14/2018 6:05 AM Agenda Solution Architecture for enterprise mobile access with Windows Phone Deploying UAG 2010 with Windows Phone 7 Exchange ActiveSync Publishing Filtering Mobile Access Portal and mobile login SharePoint Access Mobile Browsing SharePoint Workspaces Mobile 2010 © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

ActiveSync Publishing UAG 2010 has out-of the box support for Exchange external protocols Easy publishing with publishing wizard: Outlook Web Access Exchange ActiveSync Outlook Anywhere

Benefits of publishing ActiveSync With UAG Enhanced Security End-users pre-authenticate against the Forefront UAG server before they gain access to the Exchange CAS Utilize the application-level control engine to inspect URLs Integrated Load Balancing Traffic is distributed evenly between the Exchange CAS using UAG built-in farms L/B Exchange CAS UAG UAG Exchange CAS Exchange CAS

Configure Exchange Publishing in UAG DEMO

ActiveSync Filtering for Compliance AGAT Software Solutions developed an add-on to IAG and UAG that filters ActiveSync traffic according to the device type/ID accessing it, the content type and keywords © AGAT Software Solutions – www.agatsolutions.com

Tech Ed North America 2010 9/14/2018 6:05 AM Agenda Solution Architecture for enterprise mobile access with Windows Phone Deploying UAG 2010 with Windows Phone 7 Exchange ActiveSync Publishing Filtering Mobile Access Portal and mobile login SharePoint Access Mobile Browsing SharePoint Workspaces Mobile 2010 © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Mobile Portal UAG adapts portal to mobile devices capabilities: Browsers with mainly textual UI and smaller screens Windows Phone with more advanced browser UAG automatically identifies the devices capabilities

Single Sign-On Once the mobile user is logged in to UAG, he does not need to authenticate again when moving from one application to the other

Mobile Login: Problem Corporate passwords are long and complicated Complex credentials are hard to type on smartphones

Mobile Login: Solution UAG implements innovative simplified login for mobile devices: User first login with his corporate credentials Then he can associate a PIN Next time, the users logs using the PIN Every several days the user has to reenter her corporate password

Mobile Login PIN login is implemented without leaving the corporate password on the mobile device or store it on the server: Username + Password + PIN UAG Server Secret Set-Cookie with encrypted: Username + password + PIN + Server Secret + Salt Cookie + PIN UAG Server Secret Cookie

Tech Ed North America 2010 9/14/2018 6:05 AM Agenda Solution Architecture for enterprise mobile access with Windows Phone Deploying UAG 2010 with Windows Phone 7 Exchange ActiveSync Publishing Filtering Mobile Access Portal and mobile login SharePoint Access Mobile Browsing SharePoint Workspaces Mobile 2010 © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

SharePoint Mobile Browsing UAG 2010 supports SharePoint Server publishing SharePoint 2010 can be accessed thru mobile browser Office Web Apps are supported in Mobile browser

SharePoint Mobile Workspace Windows 7 | Presenter Mode Friday, September 14, 2018 SharePoint Mobile Workspace Easier access to SharePoint libraries and lists Ability to synchronize Office docs edited and stored locally on the device UAG allows access for on-premises SharePoint Server 2010 via SSL Browse a site and view list & libraries easily Access multiple sites and libraries Access your documents offline Microsoft Confidential

SharePoint Mobile Workspace SharePoint Mobile Workspace client has a special protocol with UAG to translate the internal to external URLs Example: http://MyPortal/  https://myportal.contoso.com/ Configuring UAG settings on Windows Phone

Configuring Forefront UAG for Mobile Access

Configuring Forefront UAG Mobile Browsing From AgentAuthenticationCompetency.xml: Added automatically for SharePoint Mobile Workspace

SharePoint Mobile Workspace and UAG – Request Flow SharePoint Mobile Workspace performs a get request to the signURL.asp page in the UAG internalsite The signURL.asp page has the AAM address of the SharePoint site published by UAG SharePoint Mobile Workspace accesses the SharePoint AAM site UAG identifies the user agent sent by SharePoint Mobile Workspace and responds with a 401 (basic auth). SharePoint Mobile Workspace uses the user’s credentials that are defined in the UAG settings page UAG authenticates the user The user can start working with the SharePoint site

Request flow (user PoV) User accesses a document on a SharePoint library The document opens!

Deployment Tips Wildcard SSL certificate for UAG sites Configuring SharePoint AAM for UAG UAG guide for SharePoint publishing http://technet.microsoft.com/en-us/library/dd857356.aspx UAG team blog http://blogs.technet.com/edgeaccessblog/archive/2008/10/13/publishing-sharepoint-with-iag-2007-part-3-sharepoint-topologies.aspx TechNet: Plan Alternate Access Mappings http://technet.microsoft.com/en-us/library/cc288609.aspx

AAM Configuration Zone Internal URL Public URL for Zone Default http://hrportal Internet http://hrportal.woodgrovebank.com https://hrportal.woodgrovebank.com Zone Internal URL Public URL for Zone Default http://hrportal Internet https://hrportal.woodgrovebank.com

SharePoint Mobile Workspace DEMO

Windows Phone Resources Questions? Demos? The Latest phones? Visit the Windows Phone Technical Learning Center for demos and more… Business IT Resources www.windowsphone.com/business Developer Resources developer.windowsphone.com Experience Windows Phone 7 on-line and get a backstage pass www.windowsphone7.com

Win a Windows Phone Contest Hat Contest* How do you enter? Enter by visiting the Windows Phone booth, accepting a free Windows Phone branded hat, and wearing that hat during the Event. How am I selected? Each day of the event, a Windows Phone representative will randomly select up to 5 people who are observed wearing their Windows Phone branded hat Session Contest* During each Windows Phone session the moderator will post a question. The first person to correctly answer the question and called on by the moderator will potentially win Questions? Go to the WPH Information Counter at the TLC * Restrictions apply please see contest rules for eligibility and restrictions. Contest rules are displayed in the Technical Learning Center at the WPH info counter.

Related Windows Phone Content – Breakout Sessions Mon &Tue Monday WPH301 WP7: Deploy Microsoft Forefront Unified Access Gateway for Access Control to SharePoint, Exchange and more. WPH202 Deploying Windows Phone 7 with Exchange Server and SharePoint Server Tuesday WPH203 Overview of the Windows Phone 7 Application Platform WPH313 Windows Phone 7 Architecture Deep Dive WPH304 An In-Depth view at Building Applications for WP7 with Silverlight (Part 1) WPH305 An In-Depth view at Building Applications for WP7 with Silverlight (Part 2) WPH306 Developing Occasionally Connected Applications for Windows Phone 7

Related Windows Phone Content – Breakout Sessions Wed &Thu Wednesday WPH310 Designing and Developing for the Rich Mobile Web WPH311 Developing Mobile Code Today that will run on WP 7 Tomorrow WPH309 Silverlight performance on Windows Phone WPH307 Building Windows Phone Games with XNA WPH308 Building a High Performance 3D Game for Windows Phone Thursday WPH303 Understanding the Windows Phone 7 Development Tools WPH314 Learn Windows Phone 7 Development by Creating a Robotic T-Shirt Cannon WPH312 Understanding Marketplace and Making Money with WP7 Applications

Related Windows Phone Content – Interactive Session & HOL Windows Phone Interactive Sessions Windows Phone 7 Demo Only! Microsoft’s Next Generation Mobile Enterprise Application Platform (MEAP) Windows Phone 7 Application Performance Prepare for Windows Phone 7 Development! Coding practices you should start using now in Windows Mobile Windows Phone Hands On Labs Hello Windows Phone - Building Your first Windows Phone Application Microsoft Silverlight for Windows Phone Microsoft XNA Framework 4.0 for Windows Phones Using Push Notifications and Windows Communication Foundation (WCF) Services

Resources Learning Required Slide www.microsoft.com/teched Tech Ed North America 2010 9/14/2018 6:05 AM Required Slide Resources Learning Sessions On-Demand & Community Microsoft Certification & Training Resources www.microsoft.com/teched www.microsoft.com/learning Resources for IT Professionals Resources for Developers http://microsoft.com/technet http://microsoft.com/msdn © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Complete an evaluation on CommNet and enter to win! Tech Ed North America 2010 9/14/2018 6:05 AM Required Slide Complete an evaluation on CommNet and enter to win! © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st http://northamerica.msteched.com/registration   You can also register at the North America 2011 kiosk located at registration Join us in Atlanta next year

Tech Ed North America 2010 9/14/2018 6:05 AM © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Tech Ed North America 2010 9/14/2018 6:05 AM © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.